Wednesday, April 17, 2024
Latest:

TITA TECHIE

A Filipina Digital ImmigrAUNT

Security 

Malware Alert! This app was found to be harvesting user passwords

Tita Jane 0 Comments , , ,

This is one of those user nightmare stories that make me paranoid.

Just recently, the App Store and Google Play removed a third party malicious app called “Who Viewed Your Profile – InstaAgent“. This app purportedly allowed you to monitor visitors who viewed your Instagram profile. However, a developer with a German app company, Peppersoft, was reported in this article to have downloaded the app and discovered code that showed the app “reading Instagram account usernames and passwords, sending them via clear text to a remote server – instagram.zunamedia.com”

The article went on to say that not only was the app harvesting the passwords but it was also using them to log into the harvested Instagram accounts to post unauthorized photos, bypassing Instagram’s policy of not allowing third-party apps to post pictures to user accounts.

It’s possible that many Instagram users in the United Kingdom and Canada, where it is one of the top apps, are exposed. Here are a series of tweets from a Peppersoft developer, David L-R, who goes by the Twitter handle @PeppersoftDev.

Surprise, surprise , #InstaAgent is also posting images without you permission in your #Instagram profile 😂 . pic.twitter.com/Syvsv71wcn

— David L-R (@PeppersoftDev) November 10, 2015

#InstaAgent is only able to post a image in your #Instagram account because they got your account password! #hacked pic.twitter.com/0vD1OJBY9l

— David L-R (@PeppersoftDev) November 10, 2015

I would say “Who Viewed Your Profile – InstaAgent” is the first malware in the iOS Appstore that is downloaded half a million times.

— David L-R (@PeppersoftDev) November 10, 2015

Third-party apps that provide more information about our followers can get really attractive. Analytics, demographics and other behavioral information are helpful so we can tweak our blogs and social media habits but also, to be honest, they satisfy our curiosity about our followers.

Unfortunately, for these apps to work, one has to give them express permission and in this case, it entailed keying in one’s password to link Instagram to the third-party app.

If you are one of those who previously downloaded the app, best thing to do now is this:

1. Immediately delete the app from your mobile phone or tablet

2. Go to Instagram-Options-Settings-Linked Accounts and check if the app is still listed there. If it is, unlink it from your Instagram.

3. Change your Instagram password to a random, strong one.

It may also be a good time to check your other apps for third-party app permissions and revoke those which you no longer use.

Tita Jane

Tita forever, geek forever!!! Loves gadgets more than clothes... First introduced to IT via punched cards and COBOL programming... IT auditor for over 5 years... IT consultant covering the financial industry for over 7 years... Now, a blogger and social media practitioner...and still covering the IT world, among other interests. And proud that all my kids are geeky as well. ~ Tita Jane Uymatiao

You May Also Like

According to HP Research, 29% of cyber threats are previously unknown

Tita Jane 0

Globe At Home Air Fiber 5G makes the Philippines the first country in Southeast Asia to experience 5G technology

Tita Jane 0

New Year, New Passwords

Tita Jane 0

Leave a Reply

Your email address will not be published. Required fields are marked *